rpms/perl
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix a null-pointer dereference on malformed code

Browse Source
This commit is contained in:
Petr Písař 2017-03-08 10:55:17 +01:00
parent b39bdfd34d
commit 2f5d87ed75
2 changed files with 82 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch Normal file
View File

@ -0,0 +1,72 @@
From be05b2f7a801ae1721641fd240e0d7d6fc018136 Mon Sep 17 00:00:00 2001
From: Aaron Crane <arc@cpan.org>
Date: Sun, 19 Feb 2017 12:26:54 +0000
Subject: [PATCH] fix ck_return null-pointer deref on malformed code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ported to 5.24.1:
commit e5c165a0b7551ffb94661aa7f18aabadba257782
Author: Aaron Crane <arc@cpan.org>
Date: Sun Feb 19 12:26:54 2017 +0000
[perl #130815] fix ck_return null-pointer deref on malformed code
commit 9de2a80ffc0eefb4d60e13766baf4bad129e0a92
Author: David Mitchell <davem@iabyn.com>
Date: Sun Feb 19 12:36:58 2017 +0000
bump test count in t/comp/parser.t
(the previous commit forgot to)
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
op.c | 2 +-
t/comp/parser.t | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/op.c b/op.c
index 018d90c..9a61ea7 100644
--- a/op.c
+++ b/op.c
@@ -10695,7 +10695,7 @@ Perl_ck_return(pTHX_ OP *o)
PERL_ARGS_ASSERT_CK_RETURN;
kid = OpSIBLING(cLISTOPo->op_first);
- if (CvLVALUE(PL_compcv)) {
+ if (PL_compcv && CvLVALUE(PL_compcv)) {
for (; kid; kid = OpSIBLING(kid))
op_lvalue(kid, OP_LEAVESUBLV);
}
diff --git a/t/comp/parser.t b/t/comp/parser.t
index 50f601c..5016509 100644
--- a/t/comp/parser.t
+++ b/t/comp/parser.t
@@ -8,7 +8,7 @@ BEGIN {
chdir 't' if -d 't';
}
-print "1..173\n";
+print "1..174\n";
sub failed {
my ($got, $expected, $name) = @_;
@@ -546,6 +546,12 @@ eval "grep+grep";
eval 'qq{@{0]}${}},{})';
is(1, 1, "RT #124207");
+# RT #130815: crash in ck_return for malformed code
+{
+ eval 'm(@{if(0){sub d{]]])}return';
+ like $@, qr/^syntax error at \(eval \d+\) line 1, near "\{\]"/,
+ 'RT #130815: null pointer deref';
+}
# Add new tests HERE (above this line)
--
2.7.4

11
perl.spec
View File

@ -28,7 +28,7 @@
Name: perl Name: perl
Version: %{perl_version} Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise # release number must be even higher, because dual-lived modules will be broken otherwise
Release: 389%{?dist} Release: 390%{?dist}
Epoch: %{perl_epoch} Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language Summary: Practical Extraction and Report Language
Group: Development/Languages Group: Development/Languages
@ -301,6 +301,10 @@ Patch85: perl-5.24.1-fix-pad-scope-issue-in-re_evals.patch
# in upstream after 5.25.9 # in upstream after 5.25.9
Patch86: perl-5.25.9-avoid-a-leak-in-list-assign-from-to-magic-values.patch Patch86: perl-5.25.9-avoid-a-leak-in-list-assign-from-to-magic-values.patch
# Fix a null-pointer dereference on malformed code, RT#130815,
# in upstream after 5.25.9
Patch87: perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -3013,6 +3017,7 @@ popd
%patch84 -p1 %patch84 -p1
%patch85 -p1 %patch85 -p1
%patch86 -p1 %patch86 -p1
%patch87 -p1
%patch200 -p1 %patch200 -p1
%patch201 -p1 %patch201 -p1
@ -3084,6 +3089,7 @@ perl -x patchlevel.h \
'Fedora Patch83: Fix a buffer overflow when studying some regexps repeatedly (RT#129281, RT#129061)' \ 'Fedora Patch83: Fix a buffer overflow when studying some regexps repeatedly (RT#129281, RT#129061)' \
'Fedora Patch85: Fix a heap buffer overflow when evaluating regexps with embedded code blocks from more than one source, RT#129881' \ 'Fedora Patch85: Fix a heap buffer overflow when evaluating regexps with embedded code blocks from more than one source, RT#129881' \
'Fedora Patch86: Fix a memory leak in list assignment from or to magic values, (RT#130766)' \ 'Fedora Patch86: Fix a memory leak in list assignment from or to magic values, (RT#130766)' \
'Fedora Patch87: Fix a null-pointer dereference on malformed code (RT#130815)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil} %{nil}
@ -5360,6 +5366,9 @@ popd
# Old changelog entries are preserved in CVS. # Old changelog entries are preserved in CVS.
%changelog %changelog
* Wed Mar 08 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-390
- Fix a null-pointer dereference on malformed code (RT#130815)
* Fri Feb 17 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-389 * Fri Feb 17 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-389
- Adapt Compress::Raw::Zlib to zlib-1.2.11 (bug #1420326) - Adapt Compress::Raw::Zlib to zlib-1.2.11 (bug #1420326)
- Fix a heap buffer overflow when evaluating regexps with embedded code blocks - Fix a heap buffer overflow when evaluating regexps with embedded code blocks